Watchguard proxy deny executables

I have a Watchguard firewall that I'm trying to block executables from being downloaded on.
If I allow application/octet-stream under "Content Types" so that users can download PDF, word, and excel documents from their webmail, then executables (EXE) appear to be allowed on that Watchguard proxy.
How can I allow application/octet-stream and deny executables.?

If you need to allow application/octet-stream only from one/few specific sites, then you can configure as below:
1. Your current HTTP proxy service with application/octet-stream denied.
2. Create new HTTP proxy or create copy of above [so you would not need to configure from scratch] and then allow application/octet-stream content type and configure as, Enabled and Allowed; from any-trusted [or specific alias/subnet/hosts]; to specific-public-ip-of-websites

Now only for website having their public IP in step 2 would have application/octet-stream allowed; rest sites would have application/octet-stream blocked.

Note that service created at 2 must be placed higher in order than 1; so that it gets hit first.

dpk wal,
Your post sparked an idea that might be my solution but is still quite frustrating
To keep things simple, why don't I just add proxy exceptions in my current HTTP-Proxy_OUT and turn off the application/octet-stream globally.
I'm discouraged that to allow PDF file downloads, I have to allow application/octet-stream at all. This is quite frustrating as that is also the application type for executables. Doesn't make sense to me.
We have alot of users that randomly research on the web and view alot of PDF type documentation. This would keep me chasing my tail making exceptions every time someone is doing a google search for documentation on certain product offerings. Typically PDF documents in alot of cases.

In your case as the websites are random disabling application/octet-stream globally seems most workable solution.
As you know usability and security are inversely proportional, this trade-off is necessary.

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.

This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…

In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster.
To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…